[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] OXATIS 'EMail' Cross Site Scripting Vulnerability

Dear Sir or Madam,
A vulnerability has been discovered in OXATIS, which can be exploited by 
malicious people to conduct cross-site scripting attacks. Input passed via the 
'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being 
returned to the user. This can be exploited to execute arbitrary HTML and 
script code in a user's browser session in context of an affected site.

HTTPCS Advisory : HTTPCS159

Product : OXATIS

Version : 2017

Page : /PBSubscribe.asp

Variables : newsradio=1&EMail=[VulnHTTPCS]

Type : XSS

Method : GET

Description : A vulnerability has been discovered in OXATIS, which can be 
exploited by malicious people to conduct cross-site scripting attacks. Input 
passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly 
sanitised before being returned to the user. This can be exploited to execute 
arbitrary HTML and script code in a user's browser session in context of an 
affected site.

References :  <https://www.httpcs.com/advisory/httpcs159> 
https://www.httpcs.com/advisory/httpcs159

Credit : HTTPCS [Web Vulnerability Scanner]

------------------------------------------------------
*For your security no information will be communicated before the update.
------------------------------------------------------
Cordialement,

Support Client HTTPCS
Support Technique : +33.805.693.333
Support Commercial : +33.805.693.333
Fax : +33.4.11.93.45.04
Email:  <mailto:contact@xxxxxxxxxx> contact@xxxxxxxxxx
Du lundi au vendredi : 9h - 19h 
  
<https://mandrillapp.com/track/open.php?u=30841549&id=a659e4dcc20947548e0e76e4ad409c55>
 

 

 


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/